strategic aspects of risk management · 2019-07-29 · strategic aspects of risk management. 6 the...
TRANSCRIPT
Strategic Aspects of Risk Management
Presented by The Institutes CPCU Society Risk Management Interest Group
2 The Institutes CPCU Society
• Click on the arrow next to Q&A
located in the lower right hand
corner of your screen.
• Type in your question in the
space provided.
• Click “Send.”
Note: Please make sure you
send your question(s) to “All
Panelists.”
Q&A
4 The Institutes CPCU Society
Antitrust Statement
During this webinar we intend to comply in all respects with the federal, state and
international antitrust laws. These laws forbid agreements among competitors in the
marketplace which restrict a company’s freedom to make independent decisions in
matters affecting competition.
Participants will not discuss, nor field questions about, any matters relating to individual
company rates, underwriting, coverages or marketing. We will not discuss:
• Present or future prices of products or services
• Present or future sales terms and conditions
• Treatment of any customer
• Current or future business strategies or marketing plans, or
• Refusing to deal with any customer, competitor, or supplier
5 The Institutes CPCU Society
Audio will be automatically streamed through your computer speakers.
Please leave this window open if you would like to listen to today’s presentation via audio broadcast:
If you do not have computer speakers:
Call in to the teleconference (us/canada only) at 1-877-668-4490
Enter event number 664 231 181
If you are having trouble with either option, please submit your need for assistance in the Q&A section.
Strategic Aspects of Risk Management
6 The Institutes CPCU Society
Presenter—
Chris Mandel, CPCU, ARME, RIMS-CRMP
Director, Sedgwick Institute
Senior Vice President, Sedgwick
Webinar Speaker
© 2017 Sedgwick Claims Management Services, Inc. - Do not disclose or distribute.
The Evolution & Future of Risk Management
Strategic Aspects of Risk
Management
Agenda ➢ Risk management evolution
➢ Risk profiles
➢ Risk in a strategic context
➢ Risk appetite and tolerances
➢ What is digital risk and the digitization of the risk profile?
➢ Business model risk
➢ VUCA and emerging risks
➢ Considerations for Managing Risk Strategically
➢ Key takeaways and questions
Value
Time
Fundamentals
Enhanced & Broadened
Operational Success
Strategic
High-Performance Risk
Management
• Focus: long-term success
• Scope: consistent, targeted
support to accomplish mission;
embedded risk management
practices/risk as a differentiator;
risk>innovation
Advanced Risk
Management
• Focus: short-term success
• Scope: mitigation of
controllable risks; manage
risk as an expense
Traditional Risk
Management
• Focus: insuring
against the bad things
• Scope: risk transfer,
insurance, loss
prevention, mitigation
of insurable risks
9
A Strong Migration Toward Strategic Influence
& Ultimate Success
An Enterprise Risk Type Spectrum
Strategic
• Acquisitions
• Business model
• Competition
• Demographic
• Brand
• Disruptive innovation
• Market
Operations
• Customer service
• Infrastructure
• Processes
• System capabilities
• Talent
• Technology
Financial
• Capital
• Cash flow
• Credit
• Debt obligations
• Foreign exchange
• Liquidity
• Etc.
External
• Economy
• Environment
• Geopolitical
• Regulatory
• Tax policies
• Weather events
• Etc.
12
Macro-level Categories to Consider
Environmental
Systemic
Cultural
Technological
Societal
Geopolitical
Economic
FR
EQ
UEN
CY
/LIK
ELIH
OO
D
SEVERITY/IMPACT
Expected vs. Unexpected
X Expected
Losses
Typically Uninsurable
Copyright ERM, LLC: All rights reserved; distribution
prohibited without permission
TypicallyInsurable
The discipline of risk management has
evolved from strictly a value-preservation-
based focus to a focus balanced between
protecting assets and creating or enhancing
value.
Strategic Risks
Regulatory Risks
Risk Appetite and Culture
Operational Risks
Financial Risks
Risk Tolerances, Ownership,
and Accountability
Effective Risk Management?A flexible and dynamic
risk management discipline is uniquely positioned to quickly adapt to change and identify opportunistic
risk to create new streams of revenue and increase value.
Value Preservation to Value Creation
To compete, you grow. To grow, you innovate. To innovate, you must take risk.
Scenario Modeling Is Key
How do we identify scenarios?
• What are the events that keep you up at night?
• Which events could trigger a catastrophic loss?
• How could your company’s name get into the news in an unflattering way?
• What events are the organization underprepared for?
• What events could fundamentally change the way the business operates?
What Is a Risk Profile?
➢ Key risks vs. all risks?
➢ What matters to whom?
➢ Alignment with KPIs/corporate scorecards
➢ Who owns and is accountable?
➢ Correlation with strategies and objectives
➢ Status of the control environment
➢ Status of targeted mitigation
➢ Trends and relevant changes
Your risk profile can and
should inform the organization’s
strategy.
What Is (Being) Digital?
Being digital is the reimagining of business processes to be, by default, a fully online and fully automated process from end-user interaction to back-office processing, with no need for human intervention. Attributes include:➢ Customer-first culture
➢ Real time
➢ Automated processing
➢ Intelligent
➢ Accessible online anywhere
➢ Attractive and user-friendly
➢ Drives change
➢ Continuously improving
Digitization Trends➢ Increasing speed of data availability, even in real time
➢ Increasing breadth and depth of exposure-data quality that, when aligned with loss data, enable a more complete view into risk profile
➢ Declining cost of more robust tech tools that will enable more risk leaders to be more effective and to better contribute at higher, more strategic levels
➢ Reduced regulatory burden flowing from the above as regulators get more comfortable with the way particularly large risk-bearing entities manage risk
➢ Increasing data-privacy challenges as more potentially sensitive private information is available to more stakeholders, including more exposure to bad actors
Digitization Trends
➢ Eventual complete digitization of risk profile
➢ More investment in data collection and analysis tools
➢ Increasing transparency among risk stakeholders
➢ Ultimately, declining cost of traditional risk and increasing cost of risk in emerging exposure areas
➢ Increasing formation of alliances and coalitions
Digital Risk
Management
Is Where
Risk Leaders
Would:
The future of risk management in the digital era- December 2017 | Report McKinsey & Co.
Capture and manage information from a broader and richer set of data
Capture and
Manage
Use advanced analytics to further improve the accuracy and consistency of its modelsUse
Embed mitigation solutions in the organization’s websites; mobile apps; and its financial, product, and process platformsEmbed
Enable leaders to consult self-serve dashboards informed by risk analysesEnable
Review and reshape its mandate and role to capitalize on its ability to provide faster, more forward-looking, and deeper insights and advice to the organization
Review and Reshape
Acquire sufficient technological skills/understanding to enable building digital risk resiliencyAcquire
Important Aspects of Digital Risk
Digital Risk
Digital in the
Business
Digital as a Business
Higher Speed of Impact
Strategic
Impact
Operational Impact
Governance Impact
22
Sedgwick © 2011 Confidential – Do not disclose or distribute. 23
VUCA Defines Risk in a Digital World
Volatile: nature, dynamics, and speed of change
Uncertain: lack of predictability, subject to surprises
Complex: multiplex of forces, confounding issues, chaos and confusion
Ambiguous: haziness of reality, mixed meanings, potential for misreads
Traits of Emerging Risks
Emerging Risks
High Level of Uncertainty
Lack of Consensus
Uncertain relevance
Difficult to Communicate
Difficult to Assign
Ownership
Systemic or “Business Practice”
Issues
Source: RIMS Executive Report Emerging Risks and Enterprise Risk Management © 2010 RIMS
What Is Business Model Risk?
• A business model is a company's plan for making a
profit or an organization’s plan for delivering it’s mission.
It identifies the products or services the business will
sell/provide, its target market and the expenses it
anticipates.
• Business model risks (BMRs) are the risks that could
prevent the plan from succeeding and the risks that must
be taken to successfully execute the plan.
• What about strategic risk management?
Investopedia, “Business Model,” https://www.investopedia.com/terms/b/businessmodel.asp.
Risks to the Business Model
• The risks facing an organization are comprehensive and touch all aspects of its activities (operations, finance, reputation and intangibles, legal and regulatory, etc.)
• The business model provides a rigorous framework for identifying risks.
• By stress-testing key linkages and assumptions, the board and management can determine what might go wrong and the consequences of the problem.
• Management can then develop very detailed risk management analyses around each key issue.
Risk Management and the Business Model
• Traditional risk management is more focused on controls to:– Stop value leakage.
– Minimize risk taking.
– Ensure compliance around operational model.
• Risk to business model often not well understood or assessed– Even when understood, risks often ignored.
– Most challenging to identify when the organization has been successful long term.
– Risk heat maps may only mislead further.
• Counterintuitive– Risk to business model can be mitigated by encouraging innovations.
– Innovation requires more risk taking.
– So, more risks must often be accepted to manage business model risks.
– The very processes that propelled and sustained success can be the cause of failure.
The Board, Risk, and the Business Model
The board has four important responsibilities in this area:
1. Determine the risk tolerance of the company, in consultation with management, shareholders and stakeholders.
2. Evaluate the company’s strategy and business model in the context of the firm’s risk tolerance.
3. Ensure that the company is committed to operating at an appropriate risk level. It relies on KRIs to help make this assessment.
4. Satisfy itself that management has developed necessary internal controls and that procedures remain effective.
Your Role In Addressing Strategic Business Model Risk
What are the key risks to the successful execution of our strategy and business
model?
Do we understand the root cause, impact, likelihood and potential velocity of
those risks that could prevent its achievement?
Are we taking the right risks and enough risk to achieve
the plan/mission?
Are we providing actionable risk information to
leadership on both sets of risks?
Are we monitoring and revising the risk profile in accordance with shifts in
the plan and accounting for new and emerging risks
relevant to the plan?
A Strategic Risk Management Approach
• Expected vs. unexpected risks
➢ Identifying
➢Assessing
➢Measuring
• Risk appetite and tolerances
➢Weighting and prioritizing risk
• Emerging and dynamic risk assessments
• Reporting on strategic risks
• Alignment and tie to strategy and performanceCopyright © 2011 Risk and Insurance Management Society, Inc. All rights reserved.
32
Risk Capability as a Feeder to Strategy
Four areas of improvement necessary for risk-strategy success:
1. Aligning, if not integrating, business strategy with risks
2. Adopting and applying dynamic risk appetite strategies/frameworks
3. Managing the diversity of stakeholder expectations
4. Improving risk sensing, monitoring, and reporting
Source: PwC’s Re-evaluating how your company addresses risk
Eight Steps to Integrating Risk and Strategy1. Build meaningful relationships with planning leaders.
2. Demonstrate to planners the direct relationship between specific key risks and the
strategic goals of the firm.
3. Demonstrate to planners the ability to treat these risks, including the clear understanding
of the cost benefit of mitigation.
4. Articulate examples of how new or greater risks taken can create value.
5. Identify and challenge fundamental assumptions.
6. Identify and look for signals regarding unexpected events.
7. Clarify whether these events are risks, opportunities or both.
8. Develop a plan with options that allow for resiliency in adversity through agility.
Source: Deloitte’s Shaping a Risk Intelligent Strategy
How Is the Digital Risk Profile Different?
➢ Key technology affected risks vs. all risks
➢ What matters most to whom driven by technology?
➢ Connects relevant digital risk strategies with specific risks
➢ The status of the digital control environment
➢ Depicts digital trends and significant changes
➢ Informed by risk professionals with an understanding of how
technology is affecting exposures and strategy
➢ Used to educate and keep leadership informed
Where Do Digital Risks Live?
Strategic
• Acquisitions
• Business model
• Competition
• Demographic
• Brand
• Disruptive innovation
• Market.
Operations
• Customer service
• Infrastructure
• Processes
• System capabilities
• Talent
• Technology
Financial
• Capital
• Cash flow
• Credit
• Debt obligations
• Foreign exchange
• Liquidity
• Etc.
External
• Economy
• Environment
• Geopolitical
• Regulatory
• Tax policies
• Weather events
• Etc.AN ENTERPISE RISK MANAGEMENT SPECTRUM
Explosion of digital creates risk exposures
▪ Overreliance on critical information infrastructure
▪ More digital processes exposed to cyber attacks, data theft
▪ Cyber risk aggregation scenarios
▪ Reliability of data from sensors is unproven
▪ Cascading failure from interconnected technologies
▪ Lack of standards in IoT
▪ Intersection of humans and technology
▪ Legacy systems unable to keep up, integrate with new
tech
▪ New sources of fraud from streamlined claims processes
▪ Legacy products not meeting needs created by new tech
▪ Technology that reduces losses also reduces premiums
Proof That Digital Risks Are Here: Top Risk for 2019
• Existing operations meeting performance expectations competing against born-digital firms
• Succession challenges and ability to attract and retain top talent
• Regulatory changes and scrutiny
• Cyber threats
• Resistance to change operations
Top Risks for 2019
• Rapid speed of disruptive innovations and new technologies
• Privacy, identity management and information security
• Inability to effectively utilize analytics and big data
• Organizational culture may not sufficiently encourage timely identification and escalation of risk issues
• Sustaining customer loyalty and retention
Source: Protiviti’s Board Perspectives and Risk Oversight; issue 111
Why Is Risk Appetite Needed?
• Aligns individual leaders’ risk preferences with organizational risk preference
– Different individual motivations
– Different professional and personal backgrounds
• Organizations often play at cusp of public good and private good, clarity often not pursued until too late
• Risk is at the heart of any business—risk appetite helps by:
– Promoting conscious risk taking and recognizing and accepting that risk taking will lead to failures
– Defining failures up front and making exit decisions easier
– Taking a portfolio perspective of risk and rewards
Key Questions Addressing Risk Taking➢ How much risk are we taking?
➢ How much risk can we take?
➢ How much risk do we prefer to take?
➢ How much risk do we need to take to reach our strategic goals?
➢ Which risks do we want to take and which risks are unacceptable to take and why?
➢ What is the gap between capacity and need?
➢ What actions can we take to close the gap to align with needs and stay within legal limits and preferences?
➢ If the gap between need and capacity is large, which strategies need to be modified and how?
➢ What stakeholders will be most affected by these modifications?
42
A digital transformation for risk would
mean a number of changes.
Risk would capture and
manage information
from a broader and richer set of data, looking
into nontraditional
sources like online
reviews.
Risk would automate
processes it controls and
work with others to do the same for
decision-heavy processes.
Risk would use advanced
analytics to further
improve the accuracy and
consistency of its models, in
part by greatly reducing the
biases.
Risk would embed
solutions into an
organization's website,
mobile appand corporate platform while
deploying a flexible risk
data architecture.
Inside the organization, leaders would consult self-
serve dashboards informed by
risk analyses—
and act on risk-driven strategic advice.
Risk would review and reshape its
mandate and role to
capitalize on its ability to
provide faster, more forward-
looking and deeper
insights and advice.
Risk would alter its organizational setup, as well as
its
culture,
talent and
ways of working.
Roadmap to the Digital Risk Future
Considerations for More Strategic Management of Risk
• Appetite, tolerances and materiality understoodo Identify the risks the board and senior management need to take, know and manage most effectively
• Risk strategy and profile definedo Drive a consensus around risk strategy, the risk profile and ensuring risk a key consideration in
planning/decision making
• Capable, informed and aligned risk stakeholderso Involve the right stakeholders in an effective and coordinated risk strategy that adds value in executing
corporate strategy
• Clear, understandable risk processo Enable board members, managers and employees to understand and be appropriately engaged in the risk
process
• Embedding risk intelligence into culture—build resilienceo Integrate risk management into all key business processes, including planning, operating and financing
activities
Takeaways • Digital and digital risk are both the present and the future as it subsumes business models and
the risk profile of all organizations.
• Emerging risks may not be controllable, but they must be addressed.
• Addressing strategic business model risk will vary company by company depending on culture, leadership support, internal and external risk profile, and risk tolerance.
• You must know your stakeholders, their priorities and their interests and role in a successful risk program and strategy.
• Your risk management strategy must include a measurement and reporting strategy and plan.
• A strong enterprise wide strategic risk framework and plan will help you prepare for and respond more effectively to the uncertainties of the future.
• Ultimately, the goal is to take more intelligent risks while building strategic digital resiliency in your organization.
44
Chris Mandel, RIMS-CRMP, CPCU, ARM-E, RF
SVP Strategic Solutions, Sedgwick
& Director, the Sedgwick Institute
210-845-5804
Contact information
www.sedgwickcms.com www.sedgwickinstitute.com
Christopher E. Mandel, RF, RIMS-CRMP, CPCU, ARM-ESVP, Strategic Solutions, Sedgwick, Inc. &
Director, Sedgwick Institute
Christopher E. Mandel is the SVP for Strategic Solutions at Sedgwick and the Director of the Sedgwick Institute. In both roles he is engaged in helping Sedgwick chart its future through the long term planning for products, services and strategic solutions for this claims and productivity management firm. He is also co-founder and EVP, Professional Services for rPM3 Solutions, LLC as well as founder and president of Excellence in Risk Management, LLC. both independent consulting firms specializing in governance, risk and compliance, with a special emphasis on enterprise risk management. rPM3 Solutions holds a patent for a unique risk measurement process known as ARQ™. Prior to electing early retirement and for ten years from 2001-2010, Mr. Mandel was head of enterprise risk management for USAA Group, a $165 billion diversified financial services organization. At USAA, he designed, developed and led the enterprise-wide risk management and corporate insurance centers of excellence. He also served as President and Vice Chairman, Enterprise Indemnity CIC, Inc., an Arizona based alternative risk financing facility.
Mr. Mandel has more than 25 years of experience in risk management and insurance in large, global corporates. He has pioneered the development of cross-enterprise risk management capabilities resulting in S&P rating USAA as “excellent and a leader in ERM” from 2006 through 2010. In 2007, Treasury and Risk Magazine bestowed the Alexander Hamilton Award for “Excellence in ERM” on USAA. Mr. Mandel has been a long term senior leader in the Risk and Insurance Management Society including being elected President and Chief Risk Officer and was named Risk Manager of the Year in 2004. He also received RIMS’ Goodell Award (2016) for lifetime achievement.
Mr. Mandel’s deep, wide and diverse experience in all facets of risk management and insurance allows him to offer those interested in managing risk with excellence to engage him to provide everything from a comprehensive strategy and complete ERM framework to targeted guidance, tools, techniques and/or training. Mr. Mandel’s innovative approach to making risk a key strategically placed and results oriented function results from solidly connecting risk management outputs to a company’s key performance metrics and ultimately, mission accomplishment.
Mr. Mandel received his B.S. in Business Management from Virginia Polytechnic Institute and State University and an MBA in finance from George Mason University. He holds the CCSA, CPCU, ARM and AIC designations and is a frequent industry speaker, teacher and writer. He writes the “Risk Innovation” column for Risk and Insurance magazine and in 2008 was elected a member of Risk Who’s Who (RWW). He also wrote the Ask a Risk Manager column for Business Insurance from 1996 through 2008.
CONTACT: [email protected] 210-698-8056 o 210-845-5804 m https://www.sedgwick.com
48
Sedgwick © 2013 Confidential – Do not disclose or distribute. 49
Sedgwick CMS
The leader in innovative claims and productivity management solutions
Sedgwick Claims Management Services, Inc. is the leading North American provider of innovative claims and productivity management solutions. Sedgwick and its affiliated companies deliver cost-effective claims, productivity, managed care, risk consulting, and other services to clients through the expertise of more than 21,000 colleagues in 900 offices located in 65 countries. The company specializes in workers’ compensation; disability, FMLA and other employee absence; managed care; general, automobile and professional liability; warranty and credit card claims services; fraud and investigation; structured settlements; and Medicare compliance solutions. Sedgwick and its affiliates design and implement customized programs based on proven practices and advanced technology that exceed client expectations. For eight years in a row, Sedgwick has been awarded the distinguished Employer of Choice® certification, the only third-party administrator (TPA) to receive this designation. In 2011 and 2012, the company was named the Best Overall TPA by buyers of risk services through an independent survey conducted by Business Insurance. For more see www.sedgwick.com.
© 2018, Sedgwick Claims Management Services, Inc. applies to all content except where otherwise noted
Sedgwick © 2013 Confidential – Do not disclose or distribute. 50
The Sedgwick Institute
Vision
Launched I 2016, the Sedgwick Institute serves as an incubator for some of the best and brightest minds to advance the conversations that affect all the players in our industry, including injured and ill members of the workforce, insurance carriers, employers, property owners, third party claims administrators, brokers, lawmakers and medical providers. The institute’s thought leaders work individually and collaboratively to examine selected complex challenges facing the various stakeholders in our space and propose innovative options and solutions to improve public and private decision making on these issues.
Purpose
The Sedgwick Institute is an interdisciplinary community of thought leaders dedicated to helping drive dialogue and action around issues affecting the risk and benefits industry.
Who
To fulfill its evolving agenda, the Sedgwick Institute leverages both full- and part-time expertise from business, government, academia and other industry sources, through visiting or full-time fellow positions. While no specific minimum criteria are anticipated, decisions about institute appointments will be primarily a function of the issues selected to populate the agenda as it develops and evolves.
Visit us at: www.sedgwickinstitute.com & at LinkedIn
Roadmap to the Digital Risk Future
• digital transformation for risk would mean a number of changes.
• Risk would capture and manage information from a broader and richer set of data, looking into nontraditional sources like business-review ratings online.
• Risk would automate processes it controls, and work with others to do the same for decision-heavy processes.
• Risk would use advanced analytics to further improve the accuracy and consistency of its models, in part by greatly reducing the biases
• Risk would embed its solutions into an organization’s website, its mobile app, and its corporate platform, while deploying a flexible risk data architecture.
• Inside the organization, leaders would consult self-serve dashboards informed by risk analyses—and act on risk-driven strategic advice.
• Risk would review and reshape its mandate and role to capitalize on its ability to provide faster, more forward-looking, and deeper insights and advice.
• Risk would alter its organizational setup, as well as its culture, talent, and ways of working.